417 lines
9.1 KiB
C
417 lines
9.1 KiB
C
/*++
|
||
|
||
Copyright (c) 1989 Microsoft Corporation
|
||
|
||
Module Name:
|
||
|
||
SeInfo.c
|
||
|
||
Abstract:
|
||
|
||
This module implements the Security Info routines for NPFS called by the
|
||
dispatch driver. There are two entry points NpFsdQueryInformation
|
||
and NpFsdSetInformation.
|
||
|
||
Author:
|
||
|
||
Gary Kimura [GaryKi] 21-Aug-1990
|
||
|
||
Revision History:
|
||
|
||
--*/
|
||
|
||
#include "NpProcs.h"
|
||
|
||
//
|
||
// The debug trace level
|
||
//
|
||
|
||
#define Dbg (DEBUG_TRACE_SEINFO)
|
||
|
||
//
|
||
// local procedure prototypes
|
||
//
|
||
|
||
NTSTATUS
|
||
NpCommonQuerySecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
);
|
||
|
||
|
||
NTSTATUS
|
||
NpCommonSetSecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
);
|
||
|
||
#ifdef ALLOC_PRAGMA
|
||
#pragma alloc_text(PAGE, NpCommonQuerySecurityInfo)
|
||
#pragma alloc_text(PAGE, NpCommonSetSecurityInfo)
|
||
#pragma alloc_text(PAGE, NpFsdQuerySecurityInfo)
|
||
#pragma alloc_text(PAGE, NpFsdSetSecurityInfo)
|
||
#endif
|
||
|
||
|
||
NTSTATUS
|
||
NpFsdQuerySecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine implements the FSD part of the Query Security Information API
|
||
calls.
|
||
|
||
Arguments:
|
||
|
||
NpfsDeviceObject - Supplies the device object to use.
|
||
|
||
Irp - Supplies the Irp being processed
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - The Fsd status for the Irp
|
||
|
||
--*/
|
||
|
||
{
|
||
NTSTATUS Status;
|
||
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "NpFsdQuerySecurityInfo\n", 0);
|
||
|
||
//
|
||
// Call the common Query Information routine.
|
||
//
|
||
|
||
FsRtlEnterFileSystem();
|
||
|
||
NpAcquireExclusiveVcb();
|
||
|
||
try {
|
||
|
||
Status = NpCommonQuerySecurityInfo( NpfsDeviceObject, Irp );
|
||
|
||
} except(NpExceptionFilter( GetExceptionCode() )) {
|
||
|
||
//
|
||
// We had some trouble trying to perform the requested
|
||
// operation, so we'll abort the I/O request with
|
||
// the error status that we get back from the
|
||
// execption code
|
||
//
|
||
|
||
Status = NpProcessException( NpfsDeviceObject, Irp, GetExceptionCode() );
|
||
}
|
||
|
||
NpReleaseVcb();
|
||
|
||
FsRtlExitFileSystem();
|
||
|
||
//
|
||
// And return to our caller
|
||
//
|
||
|
||
DebugTrace(-1, Dbg, "NpFsdQuerySecurityInfo -> %08lx\n", Status );
|
||
|
||
return Status;
|
||
}
|
||
|
||
|
||
NTSTATUS
|
||
NpFsdSetSecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This routine implements the FSD part of the Set Security Information API
|
||
calls.
|
||
|
||
Arguments:
|
||
|
||
NpfsDeviceObject - Supplies the device object to use.
|
||
|
||
Irp - Supplies the Irp being processed
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - The Fsd status for the Irp
|
||
|
||
--*/
|
||
|
||
{
|
||
NTSTATUS Status;
|
||
|
||
PAGED_CODE();
|
||
|
||
DebugTrace(+1, Dbg, "NpFsdSetSecurityInfo\n", 0);
|
||
|
||
//
|
||
// Call the common Set Information routine.
|
||
//
|
||
|
||
FsRtlEnterFileSystem();
|
||
|
||
NpAcquireExclusiveVcb();
|
||
|
||
try {
|
||
|
||
Status = NpCommonSetSecurityInfo( NpfsDeviceObject, Irp );
|
||
|
||
} except(NpExceptionFilter( GetExceptionCode() )) {
|
||
|
||
//
|
||
// We had some trouble trying to perform the requested
|
||
// operation, so we'll abort the I/O request with
|
||
// the error status that we get back from the
|
||
// execption code
|
||
//
|
||
|
||
Status = NpProcessException( NpfsDeviceObject, Irp, GetExceptionCode() );
|
||
}
|
||
|
||
NpReleaseVcb();
|
||
|
||
FsRtlExitFileSystem();
|
||
|
||
//
|
||
// And return to our caller
|
||
//
|
||
|
||
DebugTrace(-1, Dbg, "NpFsdSetSecurityInfo -> %08lx\n", Status );
|
||
|
||
return Status;
|
||
}
|
||
|
||
|
||
//
|
||
// Internal support routine
|
||
//
|
||
|
||
NTSTATUS
|
||
NpCommonQuerySecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This is the common routine for querying security information.
|
||
|
||
Arguments:
|
||
|
||
Irp - Supplies the Irp to process
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - the return status for the operation
|
||
|
||
--*/
|
||
|
||
{
|
||
PIO_STACK_LOCATION IrpSp;
|
||
NTSTATUS Status;
|
||
|
||
NODE_TYPE_CODE NodeTypeCode;
|
||
PFCB Fcb;
|
||
PCCB Ccb;
|
||
NAMED_PIPE_END NamedPipeEnd;
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// Get the current stack location
|
||
//
|
||
|
||
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
||
|
||
DebugTrace(+1, Dbg, "NpCommonQuerySecurityInfo...\n", 0);
|
||
DebugTrace( 0, Dbg, " Irp = %08lx\n", Irp);
|
||
DebugTrace( 0, Dbg, " ->SecurityInformation = %08lx\n", IrpSp->Parameters.QuerySecurity.SecurityInformation);
|
||
DebugTrace( 0, Dbg, " ->Length = %08lx\n", IrpSp->Parameters.QuerySecurity.Length);
|
||
DebugTrace( 0, Dbg, " ->UserBuffer = %08lx\n", Irp->UserBuffer);
|
||
|
||
//
|
||
// Get the ccb and figure out who we are, and make sure we're not
|
||
// disconnected.
|
||
//
|
||
|
||
if ((NodeTypeCode = NpDecodeFileObject( IrpSp->FileObject,
|
||
&Fcb,
|
||
&Ccb,
|
||
&NamedPipeEnd )) == NTC_UNDEFINED) {
|
||
|
||
DebugTrace(0, Dbg, "Pipe is disconnected from us\n", 0);
|
||
|
||
NpCompleteRequest( Irp, STATUS_PIPE_DISCONNECTED );
|
||
Status = STATUS_PIPE_DISCONNECTED;
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Now we only will allow write operations on the pipe and not a directory
|
||
// or the device
|
||
//
|
||
|
||
if (NodeTypeCode != NPFS_NTC_CCB) {
|
||
|
||
DebugTrace(0, Dbg, "FileObject is not for a named pipe\n", 0);
|
||
|
||
NpCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
|
||
Status = STATUS_INVALID_PARAMETER;
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Call the security routine to do the actual query
|
||
//
|
||
|
||
try {
|
||
|
||
Status = SeQuerySecurityDescriptorInfo( &IrpSp->Parameters.QuerySecurity.SecurityInformation,
|
||
Irp->UserBuffer,
|
||
&IrpSp->Parameters.QuerySecurity.Length,
|
||
&Fcb->SecurityDescriptor );
|
||
|
||
if ( Status == STATUS_BUFFER_TOO_SMALL ) {
|
||
|
||
Irp->IoStatus.Information = IrpSp->Parameters.QuerySecurity.Length;
|
||
|
||
Status = STATUS_BUFFER_OVERFLOW;
|
||
}
|
||
|
||
} except(EXCEPTION_EXECUTE_HANDLER) {
|
||
|
||
ExRaiseStatus( STATUS_INVALID_USER_BUFFER );
|
||
}
|
||
|
||
NpCompleteRequest( Irp, Status );
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonQuerySecurityInfo -> %08lx\n", Status );
|
||
return Status;
|
||
}
|
||
|
||
|
||
//
|
||
// Internal support routine
|
||
//
|
||
|
||
NTSTATUS
|
||
NpCommonSetSecurityInfo (
|
||
IN PNPFS_DEVICE_OBJECT NpfsDeviceObject,
|
||
IN PIRP Irp
|
||
)
|
||
|
||
/*++
|
||
|
||
Routine Description:
|
||
|
||
This is the common routine for Setting security information.
|
||
|
||
Arguments:
|
||
|
||
Irp - Supplies the Irp to process
|
||
|
||
Return Value:
|
||
|
||
NTSTATUS - the return status for the operation
|
||
|
||
--*/
|
||
|
||
{
|
||
PIO_STACK_LOCATION IrpSp;
|
||
NTSTATUS Status;
|
||
|
||
NODE_TYPE_CODE NodeTypeCode;
|
||
PFCB Fcb;
|
||
PCCB Ccb;
|
||
NAMED_PIPE_END NamedPipeEnd;
|
||
|
||
PSECURITY_DESCRIPTOR OldSecurityDescriptor;
|
||
|
||
PAGED_CODE();
|
||
|
||
//
|
||
// Get the current stack location
|
||
//
|
||
|
||
IrpSp = IoGetCurrentIrpStackLocation( Irp );
|
||
|
||
DebugTrace(+1, Dbg, "NpCommonSetSecurityInfo...\n", 0);
|
||
DebugTrace( 0, Dbg, " Irp = %08lx\n", Irp);
|
||
DebugTrace( 0, Dbg, " ->SecurityInformation = %08lx\n", IrpSp->Parameters.SetSecurity.SecurityInformation);
|
||
DebugTrace( 0, Dbg, " ->SecurityDescriptor = %08lx\n", IrpSp->Parameters.SetSecurity.SecurityDescriptor);
|
||
|
||
//
|
||
// Get the ccb and figure out who we are, and make sure we're not
|
||
// disconnected.
|
||
//
|
||
|
||
if ((NodeTypeCode = NpDecodeFileObject( IrpSp->FileObject,
|
||
&Fcb,
|
||
&Ccb,
|
||
&NamedPipeEnd )) == NTC_UNDEFINED) {
|
||
|
||
DebugTrace(0, Dbg, "Pipe is disconnected from us\n", 0);
|
||
|
||
NpCompleteRequest( Irp, STATUS_PIPE_DISCONNECTED );
|
||
Status = STATUS_PIPE_DISCONNECTED;
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Now we only will allow write operations on the pipe and not a directory
|
||
// or the device
|
||
//
|
||
|
||
if (NodeTypeCode != NPFS_NTC_CCB) {
|
||
|
||
DebugTrace(0, Dbg, "FileObject is not for a named pipe\n", 0);
|
||
|
||
NpCompleteRequest( Irp, STATUS_INVALID_PARAMETER );
|
||
Status = STATUS_INVALID_PARAMETER;
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonQueryInformation -> %08lx\n", Status );
|
||
return Status;
|
||
}
|
||
|
||
//
|
||
// Call the security routine to do the actual set
|
||
//
|
||
|
||
OldSecurityDescriptor = Fcb->SecurityDescriptor;
|
||
|
||
Status = SeSetSecurityDescriptorInfo( NULL,
|
||
&IrpSp->Parameters.SetSecurity.SecurityInformation,
|
||
IrpSp->Parameters.SetSecurity.SecurityDescriptor,
|
||
&Fcb->SecurityDescriptor,
|
||
PagedPool,
|
||
IoGetFileObjectGenericMapping() );
|
||
|
||
if (NT_SUCCESS(Status)) {
|
||
ExFreePool( OldSecurityDescriptor );
|
||
}
|
||
|
||
NpCompleteRequest( Irp, Status );
|
||
|
||
DebugTrace(-1, Dbg, "NpCommonSetSecurityInfo -> %08lx\n", Status );
|
||
return Status;
|
||
}
|